package com.feng.config;

import com.feng.filter.JwtAuthenticationTokenFilter;
import com.feng.service.UserService;
import com.feng.service.impl.MyUserDetailsService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.password.PasswordEncoder;

import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;


/**
 * @author: 丰
 * @date: 2023/1/6 15:10
 */

// 里面存在Configuration注解
@EnableWebSecurity
//@EnableGlobalMethodSecurity(prePostEnabled = true)   // 在controller做授权需要添加
public class SecurityConfig extends WebSecurityConfigurerAdapter{

    // 自定义的登录处理
    @Autowired
    private MyUserDetailsService userDetailsService;

    // Taken过滤器
    @Autowired
    private JwtAuthenticationTokenFilter jwtAuthenticationTokenFilter;


    // 过滤静态资源
    @Override
    public void configure(WebSecurity web) throws Exception{
        web.ignoring().antMatchers(
                "/login.html", "/css/**", "/js/**",
                "/upload/**", "/X-admin/**", "/html/**", "/front/**");
//        web.ignoring().antMatchers("/static/**");
    }

    // 授权
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .antMatchers("/index","/login", "/back/user/login").permitAll()// index 放行
                .antMatchers(HttpMethod.OPTIONS).permitAll()   //options 方法的请求放行

                .antMatchers("/back/product/**", "/back/category/**", "/back/file/**").hasAuthority("feng:product")
                .antMatchers("/back/category/**").hasAuthority("feng:product:category")
                .antMatchers("/back/news/**", "/back/newscategory/**", "/back/file/**").hasAuthority("feng:news")
                .antMatchers("/back/newscategory/**").hasAuthority("feng:news:category")
                .antMatchers("/back/company/**", "/back/file/**").hasAuthority("feng:company")
                .antMatchers("/back/online/**").hasAuthority("feng:info")
                .antMatchers("/back/**").hasAuthority("feng:user")
                .anyRequest().authenticated()

                .and()
                .formLogin()
                .defaultSuccessUrl("/html/index.html", true)
                .loginPage("/html/login.html")   // 登录访问的路径
                .loginProcessingUrl("/login")     // 登录时，发起请求的地址，使用系统默认的

                .and()
                .csrf().disable()

                .sessionManagement()//允许配置会话管理
                //Spring Security永远不会创建一个HttpSession，也永远不会使用它获取SecurityContext
                .sessionCreationPolicy(SessionCreationPolicy.STATELESS)

                .and()
                .userDetailsService(userDetailsService);   // 使用自己的xxxx;
        http.addFilterBefore(jwtAuthenticationTokenFilter, UsernamePasswordAuthenticationFilter.class);
    }

    // 配置加密规则
    @Bean
    public PasswordEncoder passwordEncoder(){
        // 使用自己自定的md5
        return new Md5PasswordEncoderConfig();
    }
}
